accessibility-audit

Pass

Audited by Gen Agent Trust Hub on Apr 27, 2026

Risk Level: SAFE
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses git diff to identify files modified in the current branch to enable scoped auditing of pull requests.
  • [REMOTE_CODE_EXECUTION]: The documentation includes instructions for running well-known accessibility auditing tools (axe, pa11y, lighthouse) via npx within the local development environment (ddev). These are standard tools from trusted registries.
  • [PROMPT_INJECTION]: The skill analyzes project source code, which introduces a surface for indirect prompt injection. This is inherent to the auditing function.
      • Ingestion points: Reads project files (HTML, PHP, Twig, template files) using Read and Glob tools.
      • Boundary markers: None explicitly defined for file content ingestion.
      • Capability inventory: Spawns specialized agents via Task() and executes shell commands for file discovery.
      • Sanitization: No specific sanitization or filtering of file content is described prior to analysis.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 27, 2026, 11:21 AM